Part 1: Installing LOGbinder for Exchange
Part 2: Configuring LOGbinder for Exchange
Part 3: Mailbox Audit Policy Management
Part 5: Appendix
Monitoring LOGbinder for Exchange
When installing, configuring, and running LOGbinder for Exchange,
the software writes diagnostic events to the Windows Application Event Log.
Most of these will be from the source "LOGbndSE" and the category
"LOGbinder." You may use the Windows Event Viewer to examine these
During Installation and Configuration
During installation and configuration, you will find these entries:
- After installation, there may be an entry from
the source MsiInstaller: "Product: LOGbinder EX -- Installation completed
- When the configuration of LOGbinder for Exchange
changes, you will see one or more entries entitled "LOGbinder settings
changed." See Appendix C: Diagnostic Events:“553– LOGbinder settings changed”
for information about these events.
- When the service starts, there may be an entry
from the source LOGbinder EX: "Service started successfully."
(Entries are also written when the service is stopped.)
You can monitor these events to ensure that LOGbinder for Exchange
continues to be configured properly, and that unauthorized changes do not
After configuring LOGbinder for Exchange and starting the service,
it automatically performs a check to ensure that LOGbinder's settings are valid
and that the account running the Windows service has sufficient authority. If
there is a problem, the LOGbinder for Exchange service will not start and a
message will be presented to the user. In most cases, the details of the
problem are written to the Application log. Common problems include:
- Input/output not configured properly. See the previous section “Configuring LOGbinder
for Exchange” for more information.
authority. If the service account does not have adequate authority, then
the service will not run. An entry is written to the Application log. See Appendix C: Diagnostic Events“556– LOGbinder insufficient authority”
for more details. Some of the common missing permissions include:
- Account does not have authority to log on as a Windows service
- Account does not have necessary permissions in Exchange.
- The account does not have authority to write to
the Security event log. (If this output destination has not been selected, then
it is not necessary to grant this permission.)
invalid. If the license is not valid or has expired, then the LOGbinder for
Exchange service will not run. An entry may be written to the Application log.
See Appendix C: Diagnostic Events:“557– License for LOGbinder invalid”
- Other errors will be found in entries entitled
"LOGbinder error." See Appendix C:Diagnostic Events:“555– LOGbinder error”
for more information.
If any of these errors are encountered, the LOGbinder for Exchange service will not run.
While LOGbinder for Exchange is Running
While LOGbinder for Exchange is running, you will see information entries in the Application log as follows:
- Entries 'exported' from Exchange. For each Exchange server being monitored, this message indicates the number of audit
entries that LOGbinder for Exchange has processed.
- Entries 'imported' into the Windows event log.
This indicates that the audit entries have been placed in the enabled output
formats. There will be one message event if multiple output formats have been
selected (i.e. you have selected both Windows Security Log and Windows Event
Log as output formats). The 'export'/'import' entries are complementary: there
should be a corresponding 'import' entry for each 'export.'
These log entries are informational in nature. Generally no action
is required. If more entries are being processed than what appear in the event
logs or in your log management solution, it could be that the log size is too
small and entries are being overwritten. See Appendix C: Diagnostic Events“551– LOGbinder agent successful”
for more information on these events.
If LOGbinder for Exchange has an error, an entry will be created in
the Application log. If permissions are removed, or if the license expires, you
may receive a "556– LOGbinder insufficient authority"
or "557– License for LOGbinder invalid"
error, which are explained above. Other errors will be entitled "555 – LOGbinder error". If you cannot resolve the problem, please submit the issue to the LOGbinder support team.
Optionally provide private feedback to help us improve this article...
Thank you for your feedback!